Thanks for the link, and credit to Kaspersky Labs for taking the effort to try to differentiate the difference between the actual malware and the potential legitmate but compromised payload it delivers.

The thought occurred to me that the real goal may not be to plant SETI on new hosts, but rather to compromise already existing installations with a trojanized version.

While we're on the subject, the Kama Sutra Worm is expected to activate tomorrow on the 3rd of February. Currently it is estimated that over 600,000 computers world wide are infected. The users are unaware of the infection, which the payload promises free porno pixs, then nothing happens. It just sits and waits. It also has the ability of disabling many AVP's. As you can see, Kaspersky lists this as a severe risk infection.

While we're on the subject, the Kama Sutra Worm is expected to activate tomorrow on the 3rd of February. Currently it is estimated that over 600,000 computers world wide are infected. The users are unaware of the infection, which the payload promises free porno pixs, then nothing happens. It just sits and waits. It also has the ability of disabling many AVP's. As you can see, Kaspersky lists this as a severe risk infection.

While we're on the subject, the Kama Sutra Worm is expected to activate tomorrow on the 3rd of February. Currently it is estimated that over 600,000 computers world wide are infected. The users are unaware of the infection, which the payload promises free porno pixs, then nothing happens. It just sits and waits. It also has the ability of disabling many AVP's. As you can see, Kaspersky lists this as a severe risk infection.

Description:
The earliest settlement at Troy was in the Early Bronze Age at ca. 3000 B.C. This small fortified settlement was destroyed by fire and was followed by Troy II (2500-2200 B.C.), which Schliemann incorrectly believed to have been the city of Priam. Settlement continued throughout the Bronze Age at the site. The latest prehistoric levels are Troy VI (1800-1275 B.C.) and Troy VII (1275-1100 B.C.) and scholars debate which of these levels represent the city of Priam and scene of the Trojan War.

Following the end of the Late Bronze Age there was a 400 year hiatus at the site until it was resettled at ca. 700 B.C. by Greek colonists, possibly from Lesbos or Tenedos. The Early Iron Age city (Troy VIII) was founded with the name Ilion and believed at the time to be the site of Homeric Troy. The city had little political power, but was symbolically important. It was under Persian control from the 6th century B.C. until the liberation of Asia Minor by Alexander the Great in 334 B.C.

In 480 B.C. Xerxes halted at Troy to sacrifice a thousand oxen before crossing the Hellespont into Greece. In 334 B.C. Alexander went to Troy immediately after crossing into Asia Minor to make an offering. Following the death of Alexander in 323 B.C., his successor in Thrace had a new temple of Athena built at the city. Julius Caesar, who believed himself to be a direct descendant of Priam, visited the city and gave it immunity from taxation. In the reign of Augustus the city and the sanctuary of Athena under went a large rebuilding program. Constantine considered Troy as a possible site for his new capital before chosing Byzantium, and as late as A.D. 355 the site was visited by the emperor Julian. By the 4th century A.D., however, the site was little more than a small farming community and by the 12th century A.D. it was completely abandoned.And the beat goes on
Sonny and Cher

P.S. If someone else did this, Carsten would only know about it if he looked at his stats, which not everybody does.

He definitely does - he changed the team from SETI Germany to his own one just few days ago. When doing it, you definitely have to pass through your account, where it is inavoidable that you see your RAC and your total credit. Well, now we can speculate that he has 1000 own hosts, and just this single and only stolen one - in that case you are certainly right - he would not notice the difference. However, I'd rather speculate the ratio is rather in the opposite way. Still only speculations. Hope we see the truth soon.

Oh, I'd say he DEFINTELY is interested in stats and knows very well what his are. The following is from the forum on Seti.Germany's site:

Author Thread "bad team statistics: German teams "Carsten_Giese of contributions: 1 bad team statistics: German teams (of 12.01.2006 - the 10:49:24) with quotation answer hello, SetiGermany Admins, can answer someone to me the question, why in your team statistics for the German teams only the teams to be indicated to be supposed, which have more than 10 members? We have on our firm servers only one account, however over 6 million Credits in the course of the years collected. According to my opinion the number of Credits should stand nevertheless with the Ranking in the foreground and that should in your statistics nevertheless also by the Ranking become "recompenced". Would be beautiful, if you with your statistics the filter "mind. 10 Members "to take out would know, in order to give to also small and very successful teams a chance to be listed with you. Otherwise nevertheless m. E. the impression develops that becomes here intentionally with filters "manipulated". Greeting: Carsten Giese German team "ESC Consult"Capitalize on this good fortune, one word can bring you round ... changes.

My concern lies not in the safety of other people's computers. Those who know how to defend themselves against virii will be fine, and those who don't... well... just like you said in your blog...

Anyway, my concern lies in the implications this will have on the competition of SETI@home. I'm worried that the message is being sent out that making virii to boost your seti stats is acceptable, and that as a result people will openly continue to write more and more of them.

I started my team, SETI.USA, because I saw an opportunity to become the top team in the world, legitimately, and thought that it would be fun to try. However, all the fun is gone when people start resorting to means outside of the rules.

I realize it's still unknown whether Carsten is responsible, and I don't have any suggestions for resolving this. I just feel that this is a concern most of us have, and a concern that wasn't being recognized. Most of us have a lot of fun competing in SETI@home, but this takes most of the fun out of it.

I agree. The stats in Seti Classic became meaningless because of all the cheating. Is the same thing happening here? I hope not!

Aren't the stats basically meaningless anyway?
(I am simply astounded how much time ppl appear to put into thinking about them and complaining.)
Bottom line, I think, is this: you can have all the credits in the world that you want, and still not be one of the ppl credited with crunching a work unit with a good strong signal candidate. By running just 2 computers, I am in the running for that.Capitalize on this good fortune, one word can bring you round ... changes.

Aren't the stats basically meaningless anyway?
(I am simply astounded how much time ppl appear to put into thinking about them and complaining.)
Bottom line, I think, is this: you can have all the credits in the world that you want, and still not be one of the ppl credited with crunching a work unit with a good strong signal candidate. By running just 2 computers, I am in the running for that.

LOL, good point! I suppose it's like the lottery, unless you "win" it was all a big "waste". At least with BOINC, everyone can see how much "cash" you're blowing on it. :-)

While we're on the subject, the Kama Sutra Worm is expected to activate tomorrow on the 3rd of February. Currently it is estimated that over 600,000 computers world wide are infected. The users are unaware of the infection, which the payload promises free porno pixs, then nothing happens. It just sits and waits. It also has the ability of disabling many AVP's. As you can see, Kaspersky lists this as a severe risk infection.

<rant>
It's been three centuries since the Greeks took the city of Troy.

Why haven't we learned to leave the horse outside the city?

Free porn indeed! Think of this as evolution in action.

I'll get off my soapbox now.
</rant>

3 Centuries?

Okay, so I'm off by one order of magnitude.

Point is: there was a pretty horse. It was all shiny, and it had wheels. The people of Troy brought the pretty horse inside the walls. It got dark, the bad soldiers inside came out, opened the gates, and the rest is, as they say, History.

We should know by now that not everything is as it seems, and it's really best to leave the damn Trojan Horses alone.

It shouldn't take 300 years to learn that lesson, even if the right number is closer to 3000.

We should know by now that not everything is as it seems, and it's really best to leave the damn Trojan Horses alone.

It shouldn't take 300 years to learn that lesson, even if the right number is closer to 3000.

The problem is, if I ask my younger siblings, if they know what a 'trojan horse' is, they don't recall the story of Troy, but rather tell me about malware.
Fine, they're less likely to have their computers infected, but aren't they missing some more general meaning?

maybe it would be a good idea to include to BOINC software some protection option, that won't let processing any BOINC application if there is no folder called projects, or file boincmgr.exe, or even boinc.exe...

it would not make cheating impossible, but for sure it would make it harder, and easier to detect...

maybe it would be a good idea to include to BOINC software some protection option, that won't let processing any BOINC application if there is no folder called projects, or file boincmgr.exe, or even boinc.exe...

it would not make cheating impossible, but for sure it would make it harder, and easier to detect...

or not... reading that forum more carefuly, i found, that there were all BOINC/seti folders...

but then maybe there should be some special codes, that would make, changing name of boinc.exe this file completely unuseful...

It will verride your current install of boinc. I lost a few months of processing. One day I go look at boinc to find it was processing for another account.

I'm still looking for the software that plugged it into my system.

Wow, so do we have another case here? It not only installs itself in infected/attacked computers, but it also hijacks already present installations of BOINC and replaces the account? Was is the same user (Carsten Giese) or another one? Are you sure it did not happen due to your error or a typo when attaching the project? Do you still have the data and files from the time you discovered it? Did you contact BOINC officials and sent them the data files?

EDIT: This case is ethically even worse than the first one - in the first case, you can at least argue that BOINC installed on "virgin" computers (I mean those without a previous BOINC installation), in fact helps the science, because it does not cause any damage to the PC, and still generates valid results. In the latter case though, the argument is invalid - the only purpose of such hijacking is stupid greed for more credits.trux BOINC softwareFreediving Team
Czech Republic

@Fred G: Tell RedSpideR that the better_banner.jpg is part of the Seti screensaver & graphics. It's the static banner in the left lower corner. So it's not something he downloaded with a payload. It is part of Seti. Jord

Ancient Astronaut Theorists suggest that in many ways, you can be considered an alien conspiracy!

The word "cheating" makes my skin crawl. I'm not being high and mighty, but have you ever played golf with someone who cheats? It's frustrating, angering and feels like a waste of time and money. Now please understand, I do not ever intend to abandon SETI or BOINC projects. Never. But I sure do hope, as do you all, that this issue is resolved ASAP for the sake of the reputation of the project. If for no other reason, it's a potetially irresistable juicy carrot to dangle in front of Black Hats.